// const STS = require("miniprogram_npm/ali-oss").STS;
const express = require("miniprogram_npm/express");
const app = express();
const stsClient = new STS({
  // 阿里云账号AccessKey拥有所有API的访问权限，风险很高。强烈建议您创建并使用RAM用户进行API访问或日常运维，请登录RAM控制台创建RAM用户并授权。
  accessKeyId: "yourAccessKeyId",
  accessKeySecret: "yourAccessKeySecret",
  // 填写Bucket名称。
  bucket: "YourBucketName",
});

async function getToken() {
  // 指定角色的ARN，格式为acs:ram::$accountID:role/$roleName。
  const STS_ROLE = "yourStsRole";
  const STSpolicy = {
    Statement: [
      {
        Action: ["oss:*"],
        Effect: "Allow",
        Resource: ["acs:oss:*:*:*"],
      },
    ],
    Version: "1",
  };
  const result = await stsClient.assumeRole(
    STS_ROLE,
    STSpolicy,
    3600 // STS过期时间，单位为秒。
  );
  const { credentials } = result;

  return credentials;
}

app.get("/getToken", async (req, res) => {
  // 获取STS。
  const credentials = await getToken();
  console.log(credentials.AccessKeyId);
  console.log(credentials.AccessKeySecret);
  console.log(credentials.SecurityToken);
  res.json(credentials);
});